[ 51.537508][ T25] audit: type=1800 audit(1573199174.403:27): pid=7859 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[ 51.582613][ T25] audit: type=1800 audit(1573199174.413:28): pid=7859 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 52.438663][ T25] audit: type=1800 audit(1573199175.383:29): pid=7859 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 52.458736][ T25] audit: type=1800 audit(1573199175.383:30): pid=7859 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.158' (ECDSA) to the list of known hosts.
2019/11/08 07:46:24 fuzzer started
2019/11/08 07:46:26 dialing manager at 10.128.0.105:41185
2019/11/08 07:46:27 syscalls: 2553
2019/11/08 07:46:27 code coverage: enabled
2019/11/08 07:46:27 comparison tracing: enabled
2019/11/08 07:46:27 extra coverage: extra coverage is not supported by the kernel
2019/11/08 07:46:27 setuid sandbox: enabled
2019/11/08 07:46:27 namespace sandbox: enabled
2019/11/08 07:46:27 Android sandbox: /sys/fs/selinux/policy does not exist
2019/11/08 07:46:27 fault injection: enabled
2019/11/08 07:46:27 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/11/08 07:46:27 net packet injection: enabled
2019/11/08 07:46:27 net device setup: enabled
2019/11/08 07:46:27 concurrency sanitizer: enabled
2019/11/08 07:46:27 devlink PCI setup: PCI device 0000:00:10.0 is not available
syzkaller login: [ 65.927181][ T8025] KCSAN: could not find function: 'may_open'
2019/11/08 07:46:32 adding functions to KCSAN blacklist: 'rcu_gp_fqs_loop' 'dd_has_work' 'vm_area_dup' 'mod_timer' 'ktime_get_seconds' '__ext4_new_inode' 'generic_write_end' 'do_dentry_open' 'ext4_free_inode' 'blk_mq_dispatch_rq_list' 'ktime_get_real_seconds' 'may_open' 'find_get_pages_range_tag' 'taskstats_exit' 'ext4_nonda_switch' 'xas_clear_mark' 'ext4_has_free_clusters' 'run_timer_softirq' 'common_perm_cond' 'pid_update_inode' 'tick_sched_do_timer' 'pipe_wait' '__hrtimer_run_queues' 'process_srcu' 'do_nanosleep' 'pipe_poll' 'echo_char' 'find_next_bit' 'tomoyo_supervisor' 'tcp_add_backlog' 'ep_poll' 'tick_do_update_jiffies64' 'ima_file_free' 'rcu_gp_fqs_check_wake' 'pcpu_alloc' 'generic_permission' 'padata_find_next'
07:46:51 executing program 0:
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
stat(0x0, &(0x7f0000000240))
getegid()
ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')
getpeername(0xffffffffffffffff, &(0x7f0000000300)=@can={0x1d, 0x0}, 0x0)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@loopback, @remote, @dev={0xfe, 0x80, [], 0x25}, 0x0, 0x4, 0x0, 0x400, 0x0, 0x0, r1})
socket$netlink(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000200))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x2000)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x80000)
07:46:51 executing program 1:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff})
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1)
setresuid(0x0, r1, 0x0)
ioctl$sock_SIOCDELDLCI(r0, 0x89a0, 0x0)
[ 88.567870][ T8029] IPVS: ftp: loaded support on port[0] = 21
[ 88.677314][ T8029] chnl_net:caif_netlink_parms(): no params data found
[ 88.744828][ T8029] bridge0: port 1(bridge_slave_0) entered blocking state
[ 88.770459][ T8029] bridge0: port 1(bridge_slave_0) entered disabled state
[ 88.778264][ T8029] device bridge_slave_0 entered promiscuous mode
[ 88.785985][ T8029] bridge0: port 2(bridge_slave_1) entered blocking state
[ 88.793984][ T8029] bridge0: port 2(bridge_slave_1) entered disabled state
[ 88.802563][ T8029] device bridge_slave_1 entered promiscuous mode
[ 88.822695][ T8029] bond0: (slave bond_slave_0): Enslaving as an active
interface with an up link
[ 88.834142][ T8029] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 88.838062][ T8032] IPVS: ftp: loaded support on port[0] = 21
[ 88.855983][ T8029] team0: Port device team_slave_0 added
[ 88.862744][ T8029] team0: Port device team_slave_1 added
07:46:51 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f00000000c0)={0x7a, 0x0, [0x17b]})
[ 88.942881][ T8029] device hsr_slave_0 entered promiscuous mode
[ 88.999959][ T8029] device hsr_slave_1 entered promiscuous mode
[ 89.087740][ T8034] IPVS: ftp: loaded support on port[0] = 21
07:46:52 executing program 3:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8)
recvmmsg(r1, &(0x7f0000007e00)=[{{&(0x7f0000001240)=@alg, 0x80, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0x2f5}, {&(0x7f00000023c0)=""/49, 0x200023f1}, {&(0x7f0000003580)=""/4096, 0x1000}], 0x3, &(0x7f0000004780)=""/245, 0xf5}}], 0x30, 0x0, &(0x7f0000008000)={0x0, 0x989680})
[ 89.160249][ T8029] bridge0: port 2(bridge_slave_1) entered blocking state
[ 89.167620][ T8029] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 89.175173][ T8029] bridge0: port 1(bridge_slave_0) entered blocking state
[ 89.182284][ T8029] bridge0: port 1(bridge_slave_0)
entered forwarding state
[ 89.377051][ T8029] 8021q: adding VLAN 0 to HW filter on device bond0
[ 89.421507][ T8032] chnl_net:caif_netlink_parms(): no params data found
[ 89.468595][ T8029] 8021q: adding VLAN 0 to HW filter on device team0
[ 89.505602][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 89.515336][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 89.561267][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 89.582406][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 89.652696][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 89.676066][ T8059] ==================================================================
[ 89.684305][ T8059] BUG: KCSAN: data-race in task_dump_owner / task_dump_owner
[ 89.690171][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 89.691679][ T8059]
[ 89.698703][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 89.701015][ T8059] write to 0xffff88812a7ad090 of 4 bytes by task 8046 on cpu 0:
[ 89.701041][ T8059] task_dump_owner+0x246/0x260
[ 89.701058][ T8059] pid_update_inode+0x3c/0x70
[ 89.701087][ T8059] pid_revalidate+0x91/0xd0
[ 89.729840][ T8059] lookup_fast+0x6f2/0x700
[ 89.734268][ T8059] walk_component+0x6d/0xe70
[ 89.739233][ T8059] path_lookupat.isra.0+0x13a/0x5a0
[ 89.744703][ T8059] filename_lookup+0x145/0x2b0
[ 89.749566][ T8059] user_path_at_empty+0x4c/0x70
[ 89.754425][ T8059] vfs_statx+0xd9/0x190
[ 89.758784][ T8059] __do_sys_newstat+0x51/0xb0
[ 89.762215][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 89.763478][ T8059] __x64_sys_newstat+0x3a/0x50
[ 89.776586][ T8059] do_syscall_64+0xcc/0x370
[ 89.781130][ T8059] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 89.787019][ T8059]
[ 89.789636][ T8059] write to 0xffff88812a7ad090 of 4 bytes by task 8059 on cpu 1:
[ 89.797364][ T8059] task_dump_owner+0x246/0x260
[ 89.802132][ T8059] pid_update_inode+0x3c/0x70
[ 89.806813][ T8059]
pid_revalidate+0x91/0xd0
[ 89.811325][ T8059] lookup_fast+0x6f2/0x700
[ 89.815742][ T8059] walk_component+0x6d/0xe70
[ 89.820104][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 89.820392][ T8059] link_path_walk.part.0+0x5d3/0xa90
[ 89.827398][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 89.832663][ T8059] path_openat+0x14f/0x36e0
[ 89.832678][ T8059] do_filp_open+0x11e/0x1b0
[ 89.832704][ T8059] do_sys_open+0x3b3/0x4f0
[ 89.853282][ T8059] __x64_sys_open+0x55/0x70
[ 89.859270][ T8059] do_syscall_64+0xcc/0x370
[ 89.863797][ T8059] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 89.869685][ T8059]
[ 89.872031][ T8059] Reported by Kernel Concurrency Sanitizer on:
[ 89.878193][ T8059] CPU: 1 PID: 8059 Comm: ps Not tainted 5.4.0-rc6+ #0
[ 89.884973][ T8059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 89.895038][ T8059] ==================================================================
[ 89.903105][ T8059] Kernel panic - not syncing: panic_on_warn set ...
[ 89.909726][ T8059] CPU: 1 PID: 8059 Comm: ps Not tainted 5.4.0-rc6+ #0
[ 89.916489][ T8059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 89.926557][ T8059] Call Trace:
[ 89.929866][ T8059] dump_stack+0xf5/0x159
[ 89.934216][ T8059] panic+0x210/0x640
[ 89.938146][ T8059] ? vprintk_func+0x8d/0x140
[ 89.942760][ T8059] kcsan_report.cold+0xc/0xe
[ 89.947366][ T8059] kcsan_setup_watchpoint+0x3fe/0x410
[ 89.950604][ T8053] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 89.952758][ T8059] __tsan_unaligned_write4+0x143/0x1f0
[ 89.963904][ T8063] IPVS: ftp: loaded support on port[0] = 21
[ 89.966095][ T8059] task_dump_owner+0x246/0x260
[ 89.976721][ T8059] ?
__rcu_read_unlock+0x66/0x3c0
[ 89.981182][ T8053] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 89.981767][ T8059] pid_update_inode+0x3c/0x70
[ 89.994431][ T8059] pid_revalidate+0x91/0xd0
[ 89.998946][ T8059] lookup_fast+0x6f2/0x700
[ 90.003474][ T8059] walk_component+0x6d/0xe70
[ 90.008084][ T8059] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 90.014343][ T8059] ? security_inode_permission+0xa5/0xc0
[ 90.020012][ T8059] ? inode_permission+0xa0/0x3c0
[ 90.024599][ T8053] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 90.024971][ T8059] link_path_walk.part.0+0x5d3/0xa90
[ 90.038225][ T8059] path_openat+0x14f/0x36e0
[ 90.042750][ T8059] ? proc_pid_status+0xee1/0x1000
[ 90.047807][ T8059] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 90.054064][ T8059] ? __virt_addr_valid+0x163/0x1e0
[ 90.059216][ T8059] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 90.065468][ T8059] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 90.070756][ T8053] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 90.071380][ T8059] ? __read_once_size+0x41/0xe0
[ 90.084013][ T8059] do_filp_open+0x11e/0x1b0
[ 90.088545][ T8059] ?
__alloc_fd+0x2ef/0x3b0
[ 90.093078][ T8059] do_sys_open+0x3b3/0x4f0
[ 90.097539][ T8059] __x64_sys_open+0x55/0x70
[ 90.102059][ T8059] do_syscall_64+0xcc/0x370
[ 90.106585][ T8059] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 90.110567][ T8053] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 90.112503][ T8059] RIP: 0033:0x7f047682a120
[ 90.112532][ T8059] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24
[ 90.112553][ T8059] RSP: 002b:00007fff938443d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 90.150740][ T8053] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 90.153604][ T8059] RAX: ffffffffffffffda RBX: 0000000000616760 RCX: 00007f047682a120
[ 90.169592][ T8059] RDX: 00007fff93844412 RSI: 0000000000000000 RDI: 00007fff93844400
[ 90.177582][ T8059] RBP: 0000000000020000 R08: 0000000000000000 R09: 00007f0476af255f
[ 90.185566][ T8059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001e30220
[ 90.193551][ T8059] R13: 0000000000000020 R14: 00007f0476edf010 R15: 0000000000000000
[ 90.200939][ T8053] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 90.210839][ T8059] Kernel Offset: disabled
[ 90.215176][ T8059] Rebooting in 86400 seconds..